Method for protecting a portable card

ABSTRACT

A method for protecting a portable card, provided with at least a crypto algorithm for enciphering data and/or authenticating the card, against deriving the secret key through statistical analysis of its information leaking away to the outside world in the event of cryptographic operations, such as power-consumption data, electromagnetic radiation and the like. The card is provided with at least a shift register having a linear and a non-linear feedback function for creating cryptographic algorithms. An algorithm is applied to the card, which is constructed in such a manner that the collection of values of recorded leak-information signals is resistant to deriving the secret key from statistical analysis of those values. Advantageously, after the key has been loaded into the shift register, the shift register clocks on, using at least the linear-feedback function. A suitable alternative is loading only the key into the shift register in the event of a fixed content of the shift register.

BACKGROUND OF THE INVENTION

1. Field of the Invention

The invention relates to a method for protecting a portable card, provided with at least a crypto algorithm for enciphering data and/or authenticating the card, against deriving the secret key through statistical analysis of its information leaking away to the outside world in the event of cryptographic operations, such as power consumption data, electromagnetic radiation and the like. The card is provided with at least a shift register having a linear and a non-linear feedback function for creating cryptographic algorithms. The method comprises loading data to be processed and a secret key in the shift register of the card.

2. Description of the Prior Art

Using a secret key to process input information and/or to produce output information is generally known in the event of cryptographic devices. Using feedback shift registers is also generally known for creating cryptographic algorithms.

In this connection, data to be consecutively processed and a secret key are loaded into one or more shift registers. Here, the sequence of loading data and the key is random.

Subsequently, the output of the shift register and possibly the shift-register contents are applied, using linear and/or non-linear feedback, to determine the output of the entire algorithm. The input of the shift register then, apart from the data and the key, also consists of a linear and a non-linear combination of the shift-register contents.

Such shift registers are generally applied in the event of portable cards, such as chip cards, calling cards, smart-card products and the like.

Since the secret key is not known to unauthorized third parties, it is basically impossible to derive either the input or the key from the output of the algorithm.

Now it has become apparent, however, that for chip cards and the like it is possible, in the event of computations, to derive the secret key used from a statistical analysis of the power consumption of the card. Such methods are known as “Differential Power Analysis” (=DPA) and are described in the Internet publication DPA Technical Information: “Introduction to Differential Power Analysis and Related Attacks” by P. Kocher et al., Cryptography Research, San Francisco, 1998.

Such methods are based on the fact that, in practice, with cryptographic operations, information is leaking away to the outside world in the form of power-consumption data, electromagnetic radiation and the like.

Thus, logical microprocessor units show regular transistor-switching patterns which externally (i.e., outside the microprocessor) noticeably produce electrical behaviour.

In this manner, it is possible to identify macro characteristics, such as microprocessor activity, by recording the power consumption and deriving information on the secret key used by way of statistical analysis of the data thus obtained.

SUMMARY OF THE INVENTION

The invention now overcomes this drawback in the art and provides a portable card which is resistant to such analyses and therefore provides a card which is safe to use.

The method according to the invention is characterized in that an algorithm is applied to the card which is constructed in such a manner that the collection of values of recorded leak-information signals is resistant to deriving the secret key by way of statistical analysis of those values. Advantageously, after loading the key into the shift register, the shift register is subsequently clocked on, during a specific period of time, several times, at least making use of the linear feedback function.

A suitable alternative according to the invention is loading only the key into the shift register in the event of a fixed content of the shift register.

In a first advantageous embodiment of the invention, there is first loaded the key, subsequently clocking on is performed, after which the data is loaded.

In another advantageous embodiment of the invention, the key is first loaded, subsequently the data is loaded into the shift register, making exclusive use of the linear feedback function and subsequently the clocking on is performed.

In yet another advantageous embodiment of the invention, the data is first loaded, subsequently the key is loaded, making exclusive use of the linear feedback function, whereafter clocking on is performed.

BRIEF DESCRIPTION OF THE DRAWINGS

The invention will now be further explained with reference to the drawing and the description by way of non-limiting examples.

FIG. 1 schematically shows a typical shift register as applied with a portable card, such as a chip card and the like.

FIG. 2 schematically shows an advantageous solution according to the invention, and

FIG. 3 schematically shows another advantageous solution according to the invention.

DETAILED DESCRIPTION

Referring now to FIG. 1, there is shown a feedback shift register 1, which is applied in any way suitable for that purpose to a portable card, not shown for simplicity's sake, such as a chip card, calling card and the like, having an input 2 and an output 3.

The feedback shift register 1 comprises a shift register 1a, as well as a feedback function, which in this case consists of a linear function 1b and a non-linear function 1c with the latter having an output 3a. Such a feedback shift register, due to its relatively low costs, is eligible for being applied to, e.g., calling cards and the like. Through the non-linear function, each bit depends on each number of key bits.

Shift registers are generally known and their operation will therefore not be described in detail. The shift register 1a consists of a series of bits. The length of a shift register is expressed in bits; in the event of a length of n bits, it is called an n-bit shift register.

Each time a bit is required, all bits in the shift register are shifted 1 bit to the right. The new left bit is calculated as a function of the bits remaining in the register and the input.

The output of the shift register is 1 bit, often the least significant bit. The period of a shift register is the length of the output series before repetition starts.

Data is loaded by way of the input 2; the key is loaded, and results are produced by way of the output 3 or, if so desired, 3a. In a similar situation, however, there may be carried out an attack on the secret key used by way of DPA, based on power variations of the system in the event of computations via statistical analysis of “leak data” and error-correcting techniques.

In this connection, it should be noted that, from a security viewpoint, it is desirable to load the key and the data non-linearly into the shift register. It has become apparent, however, that in the event of calculations, non-linearly loading the key and the data into the shift register increases the chance of deriving the secret key used through statistical analysis of the power consumption.

In FIG. 2 and FIG. 3, the same reference numerals as used in FIG. 1 refer to the same components.

FIG. 2 now shows an advantageous embodiment of the invention, the key first being loaded into the shift register, subsequently data being loaded, at least initially, exclusively using the linear-feedback function, and then clocking (e.g., 100 times or more) of the shift register taking place. During loading the data and, if so desired, the subsequent clocking on, the non-linear function of the shift register is deactivated until the shift register has been sufficiently clocked. Then, the non-linear function is switched on once again.

In doing so, the linear-feedback function 1b continues to be active.

Deactivating and activating, as the case may be, the non-linear function 1c may take place in any way suitable for that purpose, e.g., using switches.

The shift register 1a is advantageously clocked so many times that the contents of all elements of the shift register depend on a large portion of the bits of the key.

In another advantageous embodiment, after loading the key, the shift register is first clocked until the contents of all elements of the shift register depend on a large portion of the bits of the key. Only after this clocking, the data in the shift register 1a is permitted to be loaded and non-linear operations on the contents of the shift register are also permitted to be effected.

Clocking takes place in any way known to those skilled in the art and will therefore not be explained in further detail.

For completeness' sake, it should be noted that DPA is only capable of being carried out if a non-linear operation of the data with the key takes place. Since, in addition, the effort required for DPA rises exponentially with the number of key bits on which the bits in the shift register depend, it is achieved in this manner that, in the event of sufficient interim clocking of the shift register 1a, applying DPA does not result in short-term success.
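The clocking criterion described above (clock until every element of the shift register depends on a large portion of the key bits) can be measured for the linear-only phase. The following Python sketch is an added illustration and not part of the patent; the 8-bit register length, the tap positions, the all-zero initial contents and the assumption that the input bit is XORed with the linear feedback are constructed toy choices.

```python
# Added illustration (not from the patent): track, per register cell, which key
# bits it depends on while ONLY the linear feedback function is active.
# Register length and tap positions are constructed toy values.

N_BITS = 8             # assumed register length
TAPS = (3, 4, 5, 7)    # assumed linear-feedback taps (cell 0 = newest bit)


def linear_feedback(state):
    """XOR of the tapped cells; on dependency masks this is exact over GF(2)."""
    fb = 0
    for p in TAPS:
        fb ^= state[p]
    return fb


def load_key_linear(key_len=N_BITS):
    """Load the key into an all-zero register with the non-linear function off.

    Each cell is a bitmask: bit i set means the cell depends on key bit i.
    """
    state = [0] * N_BITS
    for i in range(key_len):
        new = (1 << i) ^ linear_feedback(state)  # key bit XOR linear feedback
        state = [new] + state[:-1]               # shift one position right
    return state


def clock_on(state, clocks):
    """Clock the register with the input disconnected, linear feedback only."""
    for _ in range(clocks):
        state = [linear_feedback(state)] + state[:-1]
    return state


def min_dependency(state):
    """Smallest number of key bits that any single cell depends on."""
    return min(bin(mask).count("1") for mask in state)


def clocks_needed(threshold, limit=1000):
    """Fewest extra clocks until every cell depends on >= threshold key bits."""
    state = load_key_linear()
    for clocks in range(limit + 1):
        if min_dependency(state) >= threshold:
            return clocks
        state = clock_on(state, 1)
    return None  # threshold not reached within the limit


if __name__ == "__main__":
    for c in range(8):
        print(c, min_dependency(clock_on(load_key_linear(), c)))
```

With these toy parameters the weakest cell depends on a single key bit directly after loading and on three key bits after five extra clocks; the same loop can be run with a real register length and tap set to choose the clocking period.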

In FIG. 3, there is shown an advantageous variant of the invention, the key having been loaded with fixed contents of the shift register (which may also consist purely of zeros) and clocking the shift register taking place with an active linear and an active non-linear feedback function, but without data being loaded into the shift register during the clocking period. In doing so, the input of data into the shift register after loading the key is disconnected from the shift register and is reinstated again after a specific clocking period. Due to the fixed contents of the shift register, it is not permitted to apply any modifications and an unauthorized third party shall not be capable of determining a collection of different values of leak data, such as power consumption, and subject it to statistical analysis in order to retrieve the key.

In this solution according to the invention, the key may therefore be loaded non-linearly, and deactivating the non-linear feedback function will not be required.

In another advantageous embodiment of the invention, in the event that the key, after data has been loaded into the shift register, is not loaded with the fixed contents of the shift register, the key is loaded into the shift register using only the linear-feedback function, whereafter subsequent clocking is permitted to take place.

After the aforementioned description, various modifications of the method according to the invention will become apparent to those skilled in the art.

Such modifications shall be deemed to fall within the scope of the invention.

1. A method for protecting a portable card, provided with a cryptographic algorithm for enciphering data and/or authenticating the card, against deriving a secret key used in the card from statistical analysis of information leaking away from the card to an outside world in the event of cryptographic operations performed by the card, the card being provided with at least a shift register having linear and non-linear feedback functions for implementing cryptographic algorithms, the method comprising the steps of: loading data to be processed and a secret key into the shift register of the card; and controlling the linear and non-linear feedback functions separately from each other in such a manner that collection of values of recorded leak-information signals is resistant to deriving the secret key through said statistical analysis of the values.

2. The method recited in claim 1 wherein said manner comprises invoking the linear and non-linear feedback functions in a predefined sequence.

3. The method recited in claim 1 wherein the information leaking away to the outside world comprises either power-consumption data or electromagnetic radiation.

4. The method recited in claim 1 further comprising the steps of: after the key has been loaded into the shift register, clocking the shift register several times, during a specific period, using at least the linear-feedback function; then loading data into the shift register only using the linear-feedback function; and subsequently clocking the shift register.

5. The method recited in claim 4 further comprising the step of: during a first instance of clocking the shift register, clocking the shift register for a time such that the contents of all elements of the shift register largely depend on bits of the key.

6. The method recited in claim 4 further comprising the steps of: after the key has been loaded into the shift register, disconnecting the data from an input to the shift register; and after the specific period has occurred, reconnecting the data to the input of the shift register so that the data can then be loaded into the shift register.

7. The method recited in claim 1 further comprising the step of: after the key has been loaded into the shift register, clocking the shift register, during a specific period, several times, with the linear and non-linear feedback functions of the shift register being active but no data being loaded into the shift register during or prior to the clocking or prior to loading the key.

8. The method recited in claim 7 further comprising the steps of: after the key has been loaded into the shift register, disconnecting the data from an input to the shift register; and after the specific period has occurred, reconnecting the data to the input to the shift register so that the data can then be loaded into the shift register.

9. The method recited in claim 1 further comprising the step of: loading the key into the shift register with both the linear and non-linear functions being active and only when the contents of the shift register are fixed.

10. The method recited in claim 1 further comprising the steps of: if the key has not been loaded into the shift register while the contents of the shift register are fixed, loading the key into the shift register using only the linear feedback function; and then clocking the shift register.